SEC Statements On Cybersecurity – Part 2

On September 20, 2017, SEC Chair Jay Clayton issued a statement on cybersecurity that included the astonishing revelation that the SEC EDGAR system had been hacked in 2016. Since the original statement, the SEC has confirmed that personal information on at least two individuals was obtained in the incident. Following Jay Clayton’s initial statement, on September 25, 2017, the SEC announced two new cyber-based enforcement initiatives targeting the protection of retail investors, including protection related to distributed ledger technology (DLT) and initial coin or cryptocurrency offerings (ICOs).

The issue of cybersecurity is at the forefront for the SEC, and Jay Clayton is asking the House Committee on Financial Services to increase the SEC’s budget by $100 million to enhance the SEC’s cybersecurity efforts.

This is the second in a two-part blog series summarizing Jay Clayton’s statement, the SEC EDGAR hacking and the new initiatives. Part I of this blog, which outlined Chair Clayton’s statement on cybersecurity and the EDGAR hacking, can be read HERE. This second part in the series discusses the new cyber-based enforcement initiatives.

Previously I issued a blog outlining SEC guidance on the disclosure of cybersecurity matters, which can be read HERE.

Enforcement Initiatives

The SEC has established two new cybersecurity-related enforcement initiatives to address cyber-based threats and protect retail investors. The first is the creation of a Cyber Unit that will focus on targeting cyber-related misconduct. The second is the formation of a Retail Strategy Task Force that will focus on issues that directly affect retail investors.

Cyber-related threats to trading platforms and other critical market infrastructure

Chair Clayton formed the group with the goal of creating a cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency. The Enforcement Division of the SEC has had to fast-track its expertise on matters related to cybersecurity including the advanced technologies that can be utilized. It is thought that this focused enforcement initiative will further the SEC’s abilities to detect, respond to, and pursue misconduct.

On October 26, 2017, Stephanie Avakian, Co-Director of the Division of Enforcement, gave a speech in which she addressed both initiatives. She addressed the obvious need for the Cyber Unit in today’s world of ever-increasing cyber-related misconduct affecting the securities markets.

Expanding on the SEC’s list of areas of attention, Ms. Avakian indicates that the Cyber Unit will also focus on cases involving failures by registered entities to take appropriate steps to safeguard information or ensure system integrity. The Cyber Unit will work closely with the Office of Compliance, Inspections and Examinations (OCIE) in this area.

Further, the Cyber Unit will review cases involving the failure by publicly reporting entities to properly report and disclose cyber-related issues. The SEC has not yet brought a case in this space, but is expected to do so. The SEC expects companies to report cyber issues in risk factors and management discussion and analysis where appropriate and believes that the failure to do so could rise to a fraud issue under Rule 10b-5.

Retail Strategy Task Force

The Retail Strategy Task Force is planning to develop targeted initiatives to identify and pursue misconduct impacting retail investors. The retail investor arena is a broad playing field including everything from the sales of unsuitable structured products to micro-cap pump-and-dump schemes. The Task Force will rely heavily on technology and analytics to identify problems. The Task Force includes enforcement personnel from around the country.

In her October 26, 2017 speech, Enforcement Co-Director Stephanie Avakian stated, “this group will look at the many ways that retail investors intersect with the securities markets and look for widespread misconduct.” In a time of tight budgets, the SEC is focused on thinking strategically to identify problems and find the most efficient way to pursue enforcement actions including, as mentioned, with technology. Data analytics can be used to identify data by groups such as by product, by investor type, by location, by sales or trading practice, or by fee. The SEC is even figuring out ways to use technology and data analytics to analyze the more than 16,000 tips it receives each year and integrate that data with other data points to identify issues.

Investment professionals steering customers to mutual fund share classes with higher fees, when lower-fee share classes of the same fund are available.

Abuses in wrap-fee accounts, including failing to disclose the additional costs of “trading away” or trading through unaffiliated brokers, and purchasing alternative products that generate additional fees.

Investors buying and holding products like inverse exchange-traded funds (ETFs) for long-term investment. These can be highly volatile products that are generally intended as a hedge against exposure to downward moving markets, and that face a long-term high risk of losing their principal. The SEC is increasingly seeing retail investors holding these products long-term, including in retirement accounts.

Problems in the sale of structured products to retail investors, including a failure to fully and clearly disclose fees, mark-ups, and other factors that can negatively impact returns; and

Abusive practices like churning and excessive trading that generate large commissions at the expense of the investor.

In addition to enforcement, the Retail Strategy Task Force will have an investor outreach and education component. In that regard, we can expect to see Investor Bulletins and other SEC investor communications generated from the Task Force’s findings and efforts.

Securities attorney Laura Anthony and her experienced legal team provide ongoing corporate counsel to small and mid-size private companies, OTC and exchange traded issuers as well as private companies going public on the NASDAQ, NYSE MKT or over-the-counter market, such as the OTCQB and OTCQX. For nearly two decades Legal & Compliance, LLC has served clients providing fast, personalized, cutting-edge legal service. The firm’s reputation and relationships provide invaluable resources to clients including introductions to investment bankers, broker dealers, institutional investors and other strategic alliances. The firm’s focus includes, but is not limited to, compliance with the Securities Act of 1933 offer, sale and registration requirements, including private placement transactions under Regulation D and Regulation S and PIPE Transactions as well as registration statements on Forms S-1, S-8 and S-4; compliance with the reporting requirements of the Securities Exchange Act of 1934, including registration on Form 10, reporting on Forms 10-Q, 10-K and 8-K, and 14C Information and 14A Proxy Statements; Regulation A/A+ offerings; all forms of going public transactions; mergers and acquisitions including both reverse mergers and forward mergers; applications to and compliance with the corporate governance requirements of securities exchanges including NASDAQ and NYSE MKT; crowdfunding; corporate; and general contract and business transactions. Moreover, Ms. Anthony and her firm represent both target and acquiring companies in reverse mergers and forward mergers, including the preparation of transaction documents such as merger agreements, share exchange agreements, stock purchase agreements, asset purchase agreements and reorganization agreements. Ms. Anthony’s legal team prepares the necessary documentation and assists in completing the requirements of federal and state securities laws and SROs such as FINRA and DTC for 15c2-11 applications, corporate name changes, reverse and forward splits and changes of domicile. Ms. Anthony is also the author of SecuritiesLawBlog.com, the OTC Market’s top source for industry news, and the producer and host of LawCast.com, the securities law network. In addition to many other major metropolitan areas, the firm currently represents clients in New York, Las Vegas, Los Angeles, Miami, Boca Raton, West Palm Beach, Atlanta, Phoenix, Scottsdale, Charlotte, Cincinnati, Cleveland, Washington, D.C., Denver, Tampa, Detroit and Dallas.
